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DETAILED ACTION 
Drawings 

The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(5) 
because they do not include the following reference sign(s) mentioned in the 
description: 32 (page 7, line 13). Corrected drawing sheets in compliance with 
37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment 
of the application. Any amended replacement drawing sheet should include all of 
the figures appearing on the immediate prior version of the sheet, even if only 
one figure is being amended. The replacement sheet(s) should be labeled 
"Replacement Sheet" in the page header (as per 37 CFR 1.84(c)) so as not to 
obstruct any portion of the drawing figures. If the changes are not accepted by 
the examiner, the applicant will be notified and informed of any required 
corrective action in the next Office action. The objection to the drawings will not 
be held in abeyance. 

Specification 

The abstract of the disclosure is objected to because it exceeds 150 
words in length. Correction is required. See MPEP § 608.01(b). 

Applicant is reminded of the proper language and format for an abstract of 
the disclosure. 

The abstract should be in narrative form and generally limited to a single 
paragraph on a separate sheet within the range of 50 to 150 words. It is 
important that the abstract not exceed 150 words in length since the space 
provided for the abstract on the computer tape used by the printer is limited. The 
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form and legal phraseology often used in patent claims, such as "means" and 
"said," should be avoided. The abstract should describe the disclosure 
sufficiently to assist readers in deciding whether there is a need for consulting the 
full patent text for details. 

The language should be clear and concise and should not repeat 
information given in the title. It should avoid using phrases which can be implied, 
such as, 'The disclosure concerns," "The disclosure defined by this invention," 
"The disclosure describes," etc. 

The disclosure is objected to because of the following informalities: 
"PPTP" (page 2, line 2), "CMOS" (page 6, line 11), "PIN" (page 6, line 29). While 
well known in the art, these terms have not been defined. 

Claim Objections 

Claim 6 is objected to because of the following informalities: "CMOS" (line 
2 of the claim). While well known in the art this term has not been defined. 
Appropriate correction is required. 

Claim Rejections ■ 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claim 2 is rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

Claim 2 recites the limitation "the apparatus according to claim 1" in line 1 
of the claim. There is insufficient antecedent basis for this limitation in the claim. 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 1 02 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

Claims 1-4, 6-9 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over DeTreville and further in view of Schneier et al. and Fielder et 
al. 

Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
DeTreville, Schneier et al., and Fielder et al. as applied to claim 4 above, and 
further in view of Borza. 

Claims 10-11 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over DeTreville and further in view of Fielder et al. 

Regarding claim 1 , DeTreville teaches a security mechanism for enabling 
a user to commence a session between a network peripheral device and a 
network (column 4, lines 18-22), comprising: an immutable memory element that 
contains first information including application software that initiates that provides 
security services (column 4, lines 35-40); a persistent memory element that 
contains second information to enable the security mechanism to configure the 
network peripheral device to different networks (column 5, lines 15-20); a volatile 
memory element that contains third information, including the critical data for 
authentication, said third information erased from the volatile memory at the 
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completion of each connection session (column 5, lines 18-24). However, 
DeTreville does not disclose expressly a security mechanism for enabling a user 
to commence a session between a network peripheral device and a network, 
comprising: a tamper-evident enclosure for enclosing the memory elements. 

Schneier et al. teach a security mechanism for enabling a user to 
commence a session between a network peripheral device and a network, 
comprising: a tamper-evident enclosure for enclosing the memory elements 
(column 8, lines 15-27). 

Fielder et al. teach a security mechanism for enabling a user to 
commence a session between a network peripheral device and a network, 
comprising: a volatile memory element that contains third information, including 
the critical data for authentication, said third information erased from the volatile 
memory at the completion of each connection session (column 4, lines 59-67, 
column 5, lines 1-4). 

DeTreville, Schneier et al., and Fielder et al. are analogous art because 
they are directed to a similar problem solving area - authentication systems. 

At the time of the invention it would have been obvious to a person of 
ordinary skill in the art to: house memory components in a tamper evident 
enclosure to reveal any attempt to physically open the structure, and to store 
critical data for authentication on volatile memory to avoid misappropriation. 

Therefore, it would have been obvious to a person of ordinary skill in the 
art to combine the teachings of Schneier et al. and Fielder et al. with the method 
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of DeTreville for the benefit of authentication systems to obtain the invention as 
specified in claim 1 . 

Regarding claim 2, DeTreville, Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 1 above. Furthermore, DeTreville teaches the 
apparatus according to claim 1 wherein the security services include 
authentication of the security mechanism itself (column 4, lines 35-38) and 
authentication of the user to the network upon receipt of identification information 
from the security mechanism and the user (column 23, lines 4-14), respectively. 

Regarding claim 3, DeTreville, Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 1 above. Furthermore, DeTreville teaches the 
security mechanism according to claim 1 wherein the immutable memory 
contains a private key for encrypting the user and security mechanism 
identification information (column 22, lines 15-25). 

Regarding claim 4, DeTreville, Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 1 above. Furthermore, DeTreville teaches the 
security mechanism according to claim 1 wherein the immutable memory 
comprises a Read-Only Memory (ROM) (column 5, lines 16-18). 

Regarding claim 6, DeTreville, Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 1 above. Furthermore, DeTreville teaches the 
security mechanism according to claim 1 wherein the persistent memory 
comprises at least one of one of a CMOS Random Access Memory (RAM) and a 
Programmable Read Only Memory (PROM) (column 5, lines 16-18). 
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Regarding claim 7, DeTreville, Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 1 above. Furthermore, Fielder et al. teach the 
security mechanism according to claim 1 wherein the volatile memory comprises 
a random access memory (column 4, lines 59-67, column 5, lines 1-4). 

Regarding claim 8, DeTreville, Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 1 above. Furthermore, Schneier et al. teach 
the security mechanism according to claim 1 wherein the tamper evident 
enclosure readily exhibits any attempt to gain access there through to the 
memory elements enclosed therein (column 8, lines 15-27). 

Regarding claim 9, DeTreville, Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 1 above. Furthermore, Schneier et al. teach 
the security mechanism according to claim 1 wherein the physical security of the 
security mechanism depends on the degree of tamper resistance of the 
enclosure (column 8, lines 15-27). 

Regarding claim 5, DeTreville, Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 4 above. However, DeTreville, Schneier et al., 
and Fielder et al. do not disclose expressly the security mechanism according to 
claim 4 wherein the immutable memory further includes a Write-once ROM. 

Borza teaches the security mechanism according to claim 4 wherein the 
immutable memory further includes a Write-once ROM (column 11, lines 10-17). 

DeTreville, Schneier et al., Fielder et al., and Borza are analogous art 
because they are directed to a similar problem solving area - authentication 
systems and data protection. 
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At the time of the invention it would have been obvious to a person of 
ordinary skill in the art to use write-once read only memory to prevent software 
from being overwritten. 

Therefore, it would have been obvious to a person of ordinary skill in the 
art to combine the teachings of Borza with the method of DeTreville, Schneier et 
al., and Fielder et al. for the benefit of authentication systems and data protection 
to obtain the invention as specified in claim 5. 

Regarding claim 10, DeTreville teaches a method for facilitating a secure 
connection session with a user between a network peripheral device and a 
network (column 4, lines 18-22), comprising the steps of: accessing an 
immutable memory element that contains first information that provides security 
services (column 4, lines 35-40); accessing a persistent memory element that 
contains second information including configuration information to enable the 
security mechanism to configure the network peripheral device to the network 
(column 5, lines 15-20); accessing a volatile memory element that contains third 
information, including critical data for authentication (column 5, lines 18-24). 
However, DeTreville does not disclose expressly a method for facilitating a 
secure connection session with a user between a network peripheral device and 
a network, comprising the steps of: erasing said third information not later than 
the end of the connection session so no third information remains in the volatile 
memory between sessions. 

Fielder et al. teach a method for facilitating a secure connection session 
with a user between a network peripheral device and a network, comprising the 
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steps of: erasing said third information not later than the end of the connection 
session so no third information remains in the volatile memory between sessions 
(column 4, lines 59-67, column 5, lines 1-4). 

DeTreville and Fielder et al. are analogous art because they are directed 
to a similar problem solving area - authentication systems. 

At the time of the invention it would have been obvious to a person of 
ordinary skill in the art to store critical data for authentication on volatile memory 
to avoid misappropriation. 

Therefore, it would have been obvious to a person of ordinary skill in the 
art to combine the teachings, of Fielder et al. with the method of DeTreville for the 
benefit of authentication systems to obtain the invention as specified in claim 10. 

Regarding claim 11, DeTreville and Fielder et al. teach the limitations as 
set forth under claim 10 above. Furthermore, DeTreville teaches the method 
according to claim 10 wherein the security services include authentication of the 
security mechanism itself (column 4, lines 35-38) and authentication of the user 
to the network upon receipt of identification information from the security 
mechanism and the user (column 23, lines 4-14), respectively. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to David G. Cervetti whose telephone number is 
(571) 272-5861. The examiner can normally be reached on Monday-Friday 8:30 
am - 5:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Ayaz R. Sheikh can be reached on (571) 272-3795. The 
fax phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 
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